Top Health Doctors West End
Summary
Top Health Doctors West End, a Brisbane-based GP and skin cancer clinic, experienced an email account compromise in September 2023 that may have impacted up to 5,500 patients. The breach was limited to an administrative email account and resulted in potential exposure of patient personal information including names, dates of birth, addresses, and Medicare card details. Services Australia conducted a data matching exercise to identify affected individuals and apply proactive security measures.
What Happened
In September 2023, Top Health Doctors West End experienced a phishing attack that compromised an administrative email mailbox. The incident was limited to this single email account rather than affecting the clinic's broader IT systems or patient management platforms.
The breach was publicly disclosed in late November to early December 2023 when Services Australia opened a data matching exercise to identify and protect affected individuals. Top Health notified all patients at the West End practice as a precautionary measure.
Impact on Individuals
Approximately 5,500 patients were potentially affected by the breach. The compromised data included patient names, dates of birth and addresses, as well as Medicare card numbers, expiry dates, and the names appearing on Medicare and Centrelink concession cards.
While the breach was limited to an email account rather than the clinic's main patient records system, the exposed information could still be used for identity fraud or to access Medicare benefits fraudulently.
Organisational Response
Top Health Doctors notified relevant authorities including Services Australia, which deployed a specialist team to apply precautionary measures to affected records. The federal agency compared the data provided by Top Health Doctors against Medicare and Centrelink customer records to identify approximately 5,500 impacted customers.
Services Australia implemented proactive security measures on affected Medicare and Centrelink accounts to prevent potential fraud. The clinic emphasised that the breach was contained to an administrative email account and that broader patient management systems remained secure.
The incident highlighted the vulnerability of medical practices to email compromise attacks and the importance of securing administrative accounts that may contain patient information.